===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata26.html,v
retrieving revision 1.23
retrieving revision 1.24
diff -c -r1.23 -r1.24
*** www/errata26.html	2002/10/17 21:38:38	1.23
--- www/errata26.html	2003/03/06 21:44:07	1.24
***************
*** 1,8 ****
! <!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
  <html>
  <head>
  <title>OpenBSD 2.6 errata</title>
! <link rev=made href=mailto:www@openbsd.org>
  <meta name="resource-type" content="document">
  <meta name="description" content="the OpenBSD CD errata page">
  <meta name="keywords" content="openbsd,cd,errata">
--- 1,8 ----
! <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <html>
  <head>
  <title>OpenBSD 2.6 errata</title>
! <link rev=made href="mailto:www@openbsd.org">
  <meta name="resource-type" content="document">
  <meta name="description" content="the OpenBSD CD errata page">
  <meta name="keywords" content="openbsd,cd,errata">
***************
*** 13,19 ****
  <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
  
  <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
! <h2><font color=#0000e0>
  This is the OpenBSD 2.6 release errata &amp; patch list:
  
  </font></h2>
--- 13,19 ----
  <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
  
  <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
! <h2><font color="#0000e0">
  This is the OpenBSD 2.6 release errata &amp; patch list:
  
  </font></h2>
***************
*** 36,42 ****
  <br>
  <hr>
  
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6.tar.gz>
  You can also fetch a tar.gz file containing all the following patches</a>.
  This file is updated once a day.
  
--- 36,42 ----
  <br>
  <hr>
  
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6.tar.gz">
  You can also fetch a tar.gz file containing all the following patches</a>.
  This file is updated once a day.
  
***************
*** 48,166 ****
  <ul>
  <dl>
  <a name=all></a>
! <li><h3><font color=#e00000>All architectures</font></h3>
  <ul>
  <a name=semconfig></a>
! <li><font color=#009000><strong>024: SECURITY FIX: May 26, 2000</strong></font><br>
  Kernel contained an undocumented system call used to lock semaphore operations
  while they were being sampled by the ipcs(1) command.  This locking could be
  used as a local denial of service attack which would block the exiting of
  processes which had semaphore resources allocated. Processes not using
  semaphores are not affected, so the actual effect is very minimal.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/024_sysv_sem.patch>
  A jumbo patch exists which remedies this problem.</a>
  <p>
  <a name=ipf></a>
! <li><font color=#009000><strong>023: SECURITY FIX: May 25, 2000</strong></font><br>
  A misuse of ipf(8)
  <i>keep-state</i> rules can result in firewall rules being
  bypassed.
  This patch also includes fixes for an unaligned timestamp issue,
  and reliability fixes for ipmon and the in-kernel ftp proxy.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/023_ipf.patch>
  A jumbo patch exists</a>, which remedies this problem, and updates ipf
  to version 3.3.16.
  <p>
  <a name=xlockmore></a>
! <li><font color=#009000><strong>022: SECURITY FIX: May 25, 2000</strong></font><br>
  xlockmore has a localhost attack against it which allows recovery of the encrypted
  hash of the root password.  The damage to systems using DES passwords from this
  attack is pretty heavy, but to systems with a well-chosen root password under
  blowfish encoding
! (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypt&sektion=3">
  crypt(3)</a>)
  the impact is much reduced.<br>
  (Aside:  We do not consider this a localhost root hole in the default install,
  since we have not seen a fast blowfish cracker yet ;-)<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/022_xlockmore.patch>
  A source code patch exists, which remedies this problem. This is the 2nd patch designed to solve this problem.</a>
  <p>
  <a name=rzsz></a>
! <li><font color=#009000><strong>021: RZSZ SNOOPING: Jan 31, 2000</strong></font><br>
  The rzsz port was removed from the ports collection, as it collects and
  sends user information to a designated email address, effectively spying on
  you.  <em>It is recommended that you remove this package if you installed
  it</em>.
  <p>
  <a name=syslog></a>
! <li><font color=#009000><strong>020: LIBRARY IMPROVEMENT: Jan 26, 2000</strong></font><br>
  syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8)
  would cause syslogd(8) to not see new messages.
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/020_syslog.patch>
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=nsphy></a>
! <li><font color=#009000><strong>019: DRIVER IMPROVEMENT: Jan 20, 2000</strong></font><br>
  Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble
  negotiating and maintaining 100Mb link integrity.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/019_nsphy.patch>
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=procfs></a>
! <li><font color=#009000><strong>018: SECURITY FIX: Jan 20, 2000</strong></font><br>
  Systems running with procfs enabled and mounted are vulnerable
  to having the stderr output of setuid processes directed onto
  a pre-seeked descriptor onto the stack in their own procfs memory.<br>
  Note that procfs is not mounted by default in OpenBSD.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/018_procfs.patch>
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=aty2k></a>
! <li><font color=#009000><strong>015: Y2K FIX: Jan 9, 2000</strong></font><br>
  The at(1) command was unable to parse some kinds of dates.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch>
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=addusery2k></a>
! <li><font color=#009000><strong>013: Y2K FIX: Jan 3, 2000</strong></font><br>
  A minor problem in the logging support for the adduser(8) command.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/013_addusery2k.patch>
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=3c900b></a>
! <li><font color=#009000><strong>012: DRIVER IMPROVEMENT: Jan 3, 2000</strong></font><br>
  The 3C900B-TPO fails to select the correct media type (it never sees or
  sends packets).<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/012_3c900b.patch>
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=poll></a>
! <li><font color=#009000><strong>011: SECURITY FIX: Dec 4, 1999</strong></font><br>
  Various bugs in poll(2) may cause a kernel crash.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/011_poll.patch>
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=sendmail></a>
! <li><font color=#009000><strong>010: SECURITY FIX: Dec 4, 1999</strong></font><br>
  Sendmail had a race in aliases file handling, which this patch fixes.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/010_sendmail.patch>
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=atapijumbo></a>
! <li><font color=#009000><strong>009: DRIVER IMPROVEMENTS: Dec 4, 1999</strong></font><br>
  Various improvements have been made to the IDE/ATAPI subsystem since
  the 2.6 release shipped.<br>
  Some of these improvements make some recalcitrant devices work much better.
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/009_atapi.patch><br>
  Revision 1 of this jumbo source code patch exists.</a><br>
  <p>
  <a name=sslUSA></a>
! <li><font color=#009000><strong>016: SECURITY FIX: Dec 2, 1999</strong></font><br>
  A buffer overflow in the RSAREF code included in the
  USA version of the libssl package (called <strong>sslUSA</strong>, is
  possibly exploitable in isakmpd if SSL/RSA features
  are enabled or used.<br>
! <a href=http://www.openssh.com>OpenSSH</a> and httpd (with -DSSL) are not
  vulnerable.<br>
  <strong>NOTE: International users using the ssl26 package are not affected.</strong>
  <p>
--- 48,166 ----
  <ul>
  <dl>
  <a name=all></a>
! <li><h3><font color="#e00000">All architectures</font></h3>
  <ul>
  <a name=semconfig></a>
! <li><font color="#009000"><strong>024: SECURITY FIX: May 26, 2000</strong></font><br>
  Kernel contained an undocumented system call used to lock semaphore operations
  while they were being sampled by the ipcs(1) command.  This locking could be
  used as a local denial of service attack which would block the exiting of
  processes which had semaphore resources allocated. Processes not using
  semaphores are not affected, so the actual effect is very minimal.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/024_sysv_sem.patch">
  A jumbo patch exists which remedies this problem.</a>
  <p>
  <a name=ipf></a>
! <li><font color="#009000"><strong>023: SECURITY FIX: May 25, 2000</strong></font><br>
  A misuse of ipf(8)
  <i>keep-state</i> rules can result in firewall rules being
  bypassed.
  This patch also includes fixes for an unaligned timestamp issue,
  and reliability fixes for ipmon and the in-kernel ftp proxy.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/023_ipf.patch">
  A jumbo patch exists</a>, which remedies this problem, and updates ipf
  to version 3.3.16.
  <p>
  <a name=xlockmore></a>
! <li><font color="#009000"><strong>022: SECURITY FIX: May 25, 2000</strong></font><br>
  xlockmore has a localhost attack against it which allows recovery of the encrypted
  hash of the root password.  The damage to systems using DES passwords from this
  attack is pretty heavy, but to systems with a well-chosen root password under
  blowfish encoding
! (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypt&amp;sektion=3">
  crypt(3)</a>)
  the impact is much reduced.<br>
  (Aside:  We do not consider this a localhost root hole in the default install,
  since we have not seen a fast blowfish cracker yet ;-)<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/022_xlockmore.patch">
  A source code patch exists, which remedies this problem. This is the 2nd patch designed to solve this problem.</a>
  <p>
  <a name=rzsz></a>
! <li><font color="#009000"><strong>021: RZSZ SNOOPING: Jan 31, 2000</strong></font><br>
  The rzsz port was removed from the ports collection, as it collects and
  sends user information to a designated email address, effectively spying on
  you.  <em>It is recommended that you remove this package if you installed
  it</em>.
  <p>
  <a name=syslog></a>
! <li><font color="#009000"><strong>020: LIBRARY IMPROVEMENT: Jan 26, 2000</strong></font><br>
  syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8)
  would cause syslogd(8) to not see new messages.
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/020_syslog.patch">
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=nsphy></a>
! <li><font color="#009000"><strong>019: DRIVER IMPROVEMENT: Jan 20, 2000</strong></font><br>
  Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble
  negotiating and maintaining 100Mb link integrity.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/019_nsphy.patch">
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=procfs></a>
! <li><font color="#009000"><strong>018: SECURITY FIX: Jan 20, 2000</strong></font><br>
  Systems running with procfs enabled and mounted are vulnerable
  to having the stderr output of setuid processes directed onto
  a pre-seeked descriptor onto the stack in their own procfs memory.<br>
  Note that procfs is not mounted by default in OpenBSD.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/018_procfs.patch">
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=aty2k></a>
! <li><font color="#009000"><strong>015: Y2K FIX: Jan 9, 2000</strong></font><br>
  The at(1) command was unable to parse some kinds of dates.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch">
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=addusery2k></a>
! <li><font color="#009000"><strong>013: Y2K FIX: Jan 3, 2000</strong></font><br>
  A minor problem in the logging support for the adduser(8) command.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/013_addusery2k.patch">
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=3c900b></a>
! <li><font color="#009000"><strong>012: DRIVER IMPROVEMENT: Jan 3, 2000</strong></font><br>
  The 3C900B-TPO fails to select the correct media type (it never sees or
  sends packets).<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/012_3c900b.patch">
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=poll></a>
! <li><font color="#009000"><strong>011: SECURITY FIX: Dec 4, 1999</strong></font><br>
  Various bugs in poll(2) may cause a kernel crash.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/011_poll.patch">
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=sendmail></a>
! <li><font color="#009000"><strong>010: SECURITY FIX: Dec 4, 1999</strong></font><br>
  Sendmail had a race in aliases file handling, which this patch fixes.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/010_sendmail.patch">
  A source code patch exists, which remedies this problem.</a>
  <p>
  <a name=atapijumbo></a>
! <li><font color="#009000"><strong>009: DRIVER IMPROVEMENTS: Dec 4, 1999</strong></font><br>
  Various improvements have been made to the IDE/ATAPI subsystem since
  the 2.6 release shipped.<br>
  Some of these improvements make some recalcitrant devices work much better.
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/009_atapi.patch"><br>
  Revision 1 of this jumbo source code patch exists.</a><br>
  <p>
  <a name=sslUSA></a>
! <li><font color="#009000"><strong>016: SECURITY FIX: Dec 2, 1999</strong></font><br>
  A buffer overflow in the RSAREF code included in the
  USA version of the libssl package (called <strong>sslUSA</strong>, is
  possibly exploitable in isakmpd if SSL/RSA features
  are enabled or used.<br>
! <a href="http://www.openssh.com">OpenSSH</a> and httpd (with -DSSL) are not
  vulnerable.<br>
  <strong>NOTE: International users using the ssl26 package are not affected.</strong>
  <p>
***************
*** 183,319 ****
  <strong>NOTE: this problem turned out to not be unexploitable in OpenSSH.</strong>
  <p>
  <a name=fortran></a>
! <li><font color=#009000><strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font><br>
  Fortran doesn't work right.  The file /usr/include/g2c.h is missing in the
  release.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch>
  A source code patch exists which remedies this problem.</a><br>
  The patch fixes the source tree and describes how to properly add
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h>
  the include file</a> to your system.
  <p>
  <a name=sshjumbo></a>
! <li><font color=#009000><strong>005: FUNCTIONALITY ADDITION: Nov 11, 1999</strong></font><br>
  Various OpenSSH improvements have been made since the 2.6 release shipped.<br>
  To resolve the various (non-security related) features which users may want,
  we are making a jumbo patch available.  <strong>This is now at VERSION FOUR.</strong><br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/005_sshjumbo.patch>
  Revision 4 of this jumbo source code patch exists.</a><br>
  <strong>NOTE: /etc/sshd_config and /etc/ssh_config may need changes.</strong>
  <p>
  <a name=m4></a>
! <li><font color=#009000><strong>003: FUNCTIONALITY FIX: Nov 10, 1999</strong></font><br>
  m4 is quite broken in the 2.6 release.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/003_m4.patch>
  The 3rd version of the source code patch exists, which remedies this problem.</a>
  <p>
  <a name=ifmedia></a>
! <li><font color=#009000><strong>002: SECURITY FIX: Nov 9, 1999</strong></font><br>
  Any user can change interface media configurations.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/002_ifmedia.patch>
  A source code patch exists which remedies this problem.</a>
  <p>
  <a name=newsyslog></a>
! <li><font color=#009000><strong>001: RELIABILITY FIX: Nov 8, 1999</strong></font><br>
  A race condition in newsyslog(8) can cause errors in log file rotation.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/001_newsyslog.patch>
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=i386></a>
! <li><h3><font color=#e00000>i386</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
  <a name=mac68k></a>
! <li><h3><font color=#e00000>mac68k</font></h3>
  <ul>
  <a name=m68k_locore></a>
  <a name=mac68k_locore></a>
! <li><font color=#009000><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  All m68k kernels can possibly be crashed by a user.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch>
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=sparc></a>
! <li><h3><font color=#e00000>sparc</font></h3>
  <ul>
  <a name=eepromy2k></a>
! <li><font color=#009000><strong>014: Y2K FIX: Jan 3, 2000</strong></font><br>
  A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch>
  Revision 2 of the source code patch exists, which remedies this problem.</a>
  <p>
  <a name=sparc_locore></a>
! <li><font color=#009000><strong>004: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  The sparc kernel can be crashed by a user.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch>
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=amiga></a>
! <li><h3><font color=#e00000>amiga</font></h3>
  <ul>
  <a name=amiga_locore></a>
! <li><font color=#009000><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  All m68k kernels can possibly be crashed by a user.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch>
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=pmax></a>
! <li><h3><font color=#e00000>pmax</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
  <a name=arc></a>
! <li><h3><font color=#e00000>arc</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
  <a name=alpha></a>
! <li><h3><font color=#e00000>alpha</font></h3>
  <ul>
  <a name=alpha_locore></a>
! <li><font color=#009000><strong>006: RELIABILITY FIX: Nov 13, 1999</strong></font><br>
  The alpha kernel can possibly be crashed by a user.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch>
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=hp300></a>
! <li><h3><font color=#e00000>hp300</font></h3>
  <ul>
  <a name=hp300_locore></a>
! <li><font color=#009000><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  All m68k kernels can possibly be crashed by a user.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch>
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=mvme68k></a>
! <li><h3><font color=#e00000>mvme68k</font></h3>
  <ul>
  <a name=mvme68k_locore></a>
! <li><font color=#009000><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  All m68k kernels can possibly be crashed by a user.<br>
! <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch>
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=powerpc></a>
! <li><h3><font color=#e00000>powerpc</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
--- 183,319 ----
  <strong>NOTE: this problem turned out to not be unexploitable in OpenSSH.</strong>
  <p>
  <a name=fortran></a>
! <li><font color="#009000"><strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font><br>
  Fortran doesn't work right.  The file /usr/include/g2c.h is missing in the
  release.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch">
  A source code patch exists which remedies this problem.</a><br>
  The patch fixes the source tree and describes how to properly add
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h">
  the include file</a> to your system.
  <p>
  <a name=sshjumbo></a>
! <li><font color="#009000"><strong>005: FUNCTIONALITY ADDITION: Nov 11, 1999</strong></font><br>
  Various OpenSSH improvements have been made since the 2.6 release shipped.<br>
  To resolve the various (non-security related) features which users may want,
  we are making a jumbo patch available.  <strong>This is now at VERSION FOUR.</strong><br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/005_sshjumbo.patch">
  Revision 4 of this jumbo source code patch exists.</a><br>
  <strong>NOTE: /etc/sshd_config and /etc/ssh_config may need changes.</strong>
  <p>
  <a name=m4></a>
! <li><font color="#009000"><strong>003: FUNCTIONALITY FIX: Nov 10, 1999</strong></font><br>
  m4 is quite broken in the 2.6 release.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/003_m4.patch">
  The 3rd version of the source code patch exists, which remedies this problem.</a>
  <p>
  <a name=ifmedia></a>
! <li><font color="#009000"><strong>002: SECURITY FIX: Nov 9, 1999</strong></font><br>
  Any user can change interface media configurations.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/002_ifmedia.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  <a name=newsyslog></a>
! <li><font color="#009000"><strong>001: RELIABILITY FIX: Nov 8, 1999</strong></font><br>
  A race condition in newsyslog(8) can cause errors in log file rotation.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/001_newsyslog.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=i386></a>
! <li><h3><font color="#e00000">i386</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
  <a name=mac68k></a>
! <li><h3><font color="#e00000">mac68k</font></h3>
  <ul>
  <a name=m68k_locore></a>
  <a name=mac68k_locore></a>
! <li><font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  All m68k kernels can possibly be crashed by a user.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=sparc></a>
! <li><h3><font color="#e00000">sparc</font></h3>
  <ul>
  <a name=eepromy2k></a>
! <li><font color="#009000"><strong>014: Y2K FIX: Jan 3, 2000</strong></font><br>
  A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch">
  Revision 2 of the source code patch exists, which remedies this problem.</a>
  <p>
  <a name=sparc_locore></a>
! <li><font color="#009000"><strong>004: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  The sparc kernel can be crashed by a user.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=amiga></a>
! <li><h3><font color="#e00000">amiga</font></h3>
  <ul>
  <a name=amiga_locore></a>
! <li><font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  All m68k kernels can possibly be crashed by a user.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=pmax></a>
! <li><h3><font color="#e00000">pmax</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
  <a name=arc></a>
! <li><h3><font color="#e00000">arc</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
  <p>
  <a name=alpha></a>
! <li><h3><font color="#e00000">alpha</font></h3>
  <ul>
  <a name=alpha_locore></a>
! <li><font color="#009000"><strong>006: RELIABILITY FIX: Nov 13, 1999</strong></font><br>
  The alpha kernel can possibly be crashed by a user.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=hp300></a>
! <li><h3><font color="#e00000">hp300</font></h3>
  <ul>
  <a name=hp300_locore></a>
! <li><font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  All m68k kernels can possibly be crashed by a user.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=mvme68k></a>
! <li><h3><font color="#e00000">mvme68k</font></h3>
  <ul>
  <a name=mvme68k_locore></a>
! <li><font color="#009000"><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
  All m68k kernels can possibly be crashed by a user.<br>
! <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch">
  A source code patch exists which remedies this problem.</a>
  <p>
  </ul>
  <p>
  <a name=powerpc></a>
! <li><h3><font color="#e00000">powerpc</font></h3>
  <ul>
  <li>No problems identified yet.
  </ul>
***************
*** 340,347 ****
  
  <hr>
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
! <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! <br><small>$OpenBSD: errata26.html,v 1.23 2002/10/17 21:38:38 deraadt Exp $</small>
  
  </body>
  </html>
--- 340,347 ----
  
  <hr>
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
! <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! <br><small>$OpenBSD: errata26.html,v 1.24 2003/03/06 21:44:07 naddy Exp $</small>
  
  </body>
  </html>